3306 - MySQL
# Try connection from outside
mysql --host <IP> -u root -proot
# Connection from the target machine
mysql -u root -p root database
select host, user, password from mysql.user;
Identification and Scan
# Using nmap NSE scripts
nmap -n -sV --version-intensity=5 -Pn -p T:3306 --script=xxxx <IP>
# Audits MySQL database server security configuration
# Bruteforce accounts and password against a MySQL Server
# Attempts to list all databases on a MySQL server. (creds required)
#Dumps the password hashes from an MySQL server in a format suitable (creds required)
# Checks for MySQL servers with an empty password for root or anonymous.
# Performs valid-user enumeration against MySQL server using a bug
# Connects to a MySQL server and prints information such as the protocol and version numbers, thread ID, status, capabilities, and the password salt.
# Runs a query against a MySQL database and returns the results as a table. (creds required)
# Attempts to list all users on a MySQL server.
# Attempts to show all variables on a MySQL server.
# Attempts to bypass authentication in MySQL and MariaDB servers by exploiting CVE2012-2122. If its vulnerable, it will also attempt to dump the MySQL usernames and password hashes.